|
|
|
|
|
|
by infogulch
2557 days ago
|
|
|
I think you missed the "use hash functions" part. it would be something like base64(H(salt||example.com:1)). The ":1" suffix is there for when you have to change your password, you can increment to ":2" because : is not valid in a domain name. This doesn't solve all the other problems with this system, like what if there are multiple logins on the same domain? what if the site has esoteric password requirements? what if the requirements change? if your salt leaks you don't have a list of sites to know to go change your password. etc etc. Not my favorite solution for practical reasons, but it's cryptographically reasonable at least. |
|
|